Router Chooser

NAS Charts

NAS Ranker

More Tools

LAN & WAN How To

How To

Now that you understand VLAN basics, let's get to the fun part! I'll be showing you how to segment a single-subnet LAN into multiple private segments.This basic application of VLANs is handy for adding an extra measure of security to clients or servers that contain confidential information. It can also be used in multi-tenant applications, to share a single Internet connection, yet allow each tenant to share files and printers without worrying about the others. I'm sure you can think of other applications.

I'll be using a Linksys SRW2008 (Figure 4), an eight
port 10/100/1000 switch with a nice web utility for configuration. The SRW (reviewed here) is a
Layer 2 switch with a large number of features, including VLAN support.

Figure 4: The Linksys SRW2008 switch

The basic steps in configuring a VLAN are:

Plan your network.

Create the VLANs.

Associate switch ports with the VLANs.

Test VLAN connectivity.

Implement security measures as appropriate.

Planning

The most important part of VLAN
implementation, even in a small network, is planning. You need to review your
devices and decide which ones should go in which VLAN. A network administrator
must consider the components, functions, and traffic types of all the elements
of the network when planning VLANs.

The network components connected to the eight port SRW switch
I'm using for this VLAN example are a LAN port from the RV042 router on port 1,
a WiFi router on port 2, a Windows Server on port 3, a NAS on port 4, a printer
on port 5, a Linux VoIP Server on port 6, a VoIP ATA on port 7, and a laptop
computer on port 8. Figure 5 is a simple diagram of the "Before LAN."

Figure 5: The network before dividing into VLANs

None of these components are "VLAN-aware," meaning they will
send all frames to the switch "UnTagged." VLAN-aware devices, such as VLAN-enabled switches, as well as advanced network interface cards, can specify VLAN
information by "Tagging" a frame with a VLAN number. This is an important
factor when it comes to multi-switch configurations.

A common VLAN best practice is to place all VoIP devices in
their own VLAN to prevents data traffic from interfering with time-sensitive voice traffic. So we have:

- a VLAN for the Data devices
- a VLAN for the VoIP devices

But I also need both Data and VoIP devices to have Internet access. So I'll need:

- a VLAN to enable Internet
access for both VLANs

This ability to allow ports to access multiple VLANs comes in very handy and is key to our example.

I'm also going to configure the Laptop switch port for access
to all VLANs and the management functions of the SRW. The SRW switch itself is also a member of the LAN, and has
its own IP address. It is important to remember this device and include it in a
VLAN to retain access to the switch's management utility. More on this later.

Mapping your network is a big part of the planning. The SRW
allows for naming the devices on each port, which is time well spent for the
future date when you're troubleshooting. I took a few minutes and wrote down
which devices in my LAN were going to be plugged into which physical port on
the switch. I then configured the SRW with a recognizable name for each port in
the Description field of the Port Management menu (Figure 6), making it easier to see what
was where.

LATEST RELEASE: Update-07
20-January-2015
Merlin fork 374.43_2-07j9527
Download http://1drv.ms/1uChm3J
===============================
For those of you not yet ready to update to the latest 376 or 378 releases, I have created an incremental update (fixpack) to 374.43_2....